Proofpoint, a cybersecurity company, has recently discovered a new malware strain called ZenRAT. This modular remote access trojan (RAT) specifically targets Windows computers and disguises itself as a fake installation package of Bitwarden, a popular password manager.
Hackers have been using a fake Bitwarden download page to target Windows users with ZenRAT. The malware steals information from compromised systems, including CPU and GPU names, operating system version, browser passwords, and installed applications. It is still unclear how the malware is being distributed, but it has been delivered through SEO poisoning, adware bundles, or email in the past.
The fake site closely resembles the real Bitwarden website and only displays the fake download if accessed from a Windows host. Non-Windows users are redirected to a legitimate website. The payload is downloaded from a domain called crazygamesis[.]com. The trojanized copy of Bitwarden’s installation package includes the ZenRAT .NET executable.
ZenRAT collects information about the host system and sends it to its command-and-control server. The malware also runs anti-sandbox and anti-VM checks to determine whether it is safe for it to run.
To protect against ZenRAT and similar threats, users are advised to only download software from trusted sources and be cautious of ads in search engine results. It is crucial to stay vigilant and implement strong cybersecurity practices to mitigate the risks posed by malware attacks.
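
Because the trojanized installer was served from a domain unrelated to Bitwarden, the recorded download origin of a file is a useful check. The following is an added example, not code from Proofpoint or Bitwarden: it parses the `Zone.Identifier` (Mark-of-the-Web) data that Windows browsers attach to downloads and flags a Bitwarden-named file whose `HostUrl` is outside an allowlist. The allowlist, function names and sample streams are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this organisation accepts for Bitwarden installers.
TRUSTED_HOSTS = {"bitwarden.com", "github.com"}
BRAND = "bitwarden"

# Constructed samples of a Zone.Identifier stream. On NTFS the real text
# can be read with open(path + ":Zone.Identifier").read().
SAMPLE_OK = (
    "[ZoneTransfer]\nZoneId=3\n"
    "ReferrerUrl=https://bitwarden.com/download/\n"
    "HostUrl=https://vault.bitwarden.com/download/Bitwarden-Installer.exe\n"
)
SAMPLE_LOOKALIKE = (
    "[ZoneTransfer]\nZoneId=3\n"
    "ReferrerUrl=https://bitwarden.com.lookalike.example/\n"
    "HostUrl=https://files.unrelated-games.example/Bitwarden-Installer.exe\n"
)


def parse_zone_identifier(text):
    """Parse the INI-style body of a Zone.Identifier stream into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def host_is_trusted(url):
    """True only for a trusted host or a true subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def check_download(filename, zone_text):
    """Verdict for a downloaded file whose name claims to be Bitwarden."""
    if BRAND not in filename.lower():
        return "not-applicable"
    url = parse_zone_identifier(zone_text).get("hosturl")
    if not url:
        return "unknown-origin"  # no Mark-of-the-Web: origin unconfirmed
    return "ok" if host_is_trusted(url) else "untrusted-origin"
```

An `ok` verdict only confirms where the file came from; it does not replace verifying the installer's digital signature.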